---
---
<!-- url: install-privs-before -->
<!-- title: Before You 安装Magento: Recommended File System Ownership and Privileges -->

<!DOCTYPE html>
<html lang=en>

<head>
    <meta charset=utf-8>

    <link rel="stylesheet" type="text/css" href="{{ site.baseurl }}/common/css/stylesheet.css"/>
    <link rel="stylesheet" href="{{ site.baseurl }}/common/css/stylesheet-fonts.css" type="text/css" charset="utf-8">
    <link rel="icon" href="{{ site.baseurl }}/common/css/favicon.ico" type="image/x-icon">
    <link rel="shortcut icon" href="{{ site.baseurl }}/common/css/favicon.ico" type="image/x-icon">
    <title>Before You 安装Magento: Recommended File System Ownership and Privileges</title>

</head>

<body>
<a name="top"></a>
<img src="{{ site.baseurl }}/common/images/m1x/m1xheader.png" width="1024" alt="header" />

<div id="content"> 
<h1>Before You 安装Magento: Recommended File System Ownership and Privileges</h1>
<p><a href="{{ site.m1xgithuburl }}guides/m1x/install/installer-privileges_after.html" target="_blank">Edit this page on GitHub <img src="{{ site.baseurl }}/common/images/github_icon.png" height="15px"></a></p>


<div class="toc"> <h4 class="toc">Table of Contents</h4>
<ul><li><a href="#overview">概述</a></li>
<li><a href="#terms">Terminology</a></li>
<li><a href="#privs-before">Recommended Privileges and Ownership Before You 安装Magento</a></li>
<li><a href="#more-info">For More Information</a></li>
</ul></div>

<h2 id="overview">概述</h2>
<p>In a continuing effort to improve security and ease of use, Magento is updating its recommendations for file system permissions and ownership for the following Magento editions:</p>
<ul><li>Magento Enterprise Edition (EE) versions 1.9 and later</li>
<li>Magento Community Edition (CE) versions 1.4 and later</li></ul>
<p>The guidelines discussed in this article apply to:</p>
<ul><li>New installations of or upgrades to the previously listed Magento versions only.<br />
The instructions might not work with older versions. If you have already installed Magento, see <a href="{{ site.m1xgdeurl }}install/installer-privileges_after.html" target="_blank">After You 安装Magento: Recommended File System Ownership and Privileges</a>.</li>
<li><a href="{{ site.m1xgdeurl }}system-requirements.html" target="_blank">Supported operating systems</a> only.</li></ul>

<div class="msg-box important"><img src="{{ site.baseurl }}/common/images/m1x/icon-important.png" alt="important" align="left" width="40"><span><strong>Important</strong>: This topic contains <em>suggestions</em> based on our experience. They are not <em>requirements</em> because we don't know the details of your deployment. Consult your hosting provider, a qualified security specialist, or an experienced system administrator for advice about specific security settings.</span></div>

<h2 id="terms">Terminology</h2>
<p>This article uses the following terminology:</p>
<dl>
<dt>Hosted system</dt>
<dd>A Magento server located on a hosting provider. A <em>hosted</em> system typically does not enable you to elevate to <tt>root</tt>. The web server typically runs as an ordinary user. Magento assumes you log in as this user to start and stop the web server and that you already own all the files and directories in the Magento installation directory. You can use <tt>chmod</tt> to change permissions on files and directories.</dd>
<dt>Dedicated system</dt>
<dd>A Magento server you control and operate. Unlike a hosted system, you can elevate to <tt>root</tt> and, as <tt>root</tt>, you can use the <tt>chown</tt>和<tt>chmod</tt> commands to set ownership and privileges in the Magento installation directory.</dd>
</dl>


<h2 id="privs-before">Recommended Privileges and Ownership Before You 安装Magento</h2>
<p>This section discusses Magento's pre-installation recommended privilege and ownership settings, which are as follows:</p>
<ul><li>The Magento installation directory and all subdirectories are owned by the web server user.<br />
This enables the web server to change files in these subdirectories but other users cannot access them (except a higher-level user such as <tt>root</tt>).</li>
<li>All directories have 700 permissions (<tt>drwx------</tt>).<br />
700 permissions give full control (that is, read/write/execute) to the owner and no permissions to anyone else.</li>
<li>All files have 600 permissions (<tt>-rw-------</tt>).<br />
600 permissions mean the owner can read and write but other users have no permissions.</li>
<li>If you use PHP-FPM (FastCGI Process Manager), make sure it is configured to run the same user as the Apache web server (Nginx web server).<br />
This allows web server to access content generated by Magento (Uploaded files, images, 等.).</li></ul>
<p class="kb-notes"><strong>注意</strong>: On a dedicated system, all commands discussed in this article must be entered as a user with <tt>root</tt> privileges.</p>
<p>After you extract the Magento installation package, set ownership and permissions as follows:</p>
<ol><li><em>Dedicated Magento server only.</em> Find the web server user:
<ul><li>Apache:
<ul class="level3"><li>Ubuntu: <tt>grep User /etc/apache2/apache2.conf</tt></li>
<li>CentOS: <tt>grep User /etc/httpd/conf/httpd.conf</tt><br />
<p class="kb-notes"><strong>Note:</strong> The preceding paths are samples only. The paths to these <tt>.conf</tt> files on your system might be different. You can use the command <tt>whereis nginx</tt> to find the location of the configuration files.</p>
</li></ul>
<!-- <pre>ps -o "user group command" -C httpd,apache2</pre>
The value in the USER column is the web server user name.<br /> -->
Typically, the Apache web server user on CentOS is <tt>apache</tt> and the Apache web server user on Ubuntu is <tt>www-data</tt>.</li>
<li>nginx: Open the nginx configuration file, typically <tt>/etc/nginx/nginx.conf</tt>. The <tt>user</tt> directive specifies the user name. It might run as the Apache user if Apache is installed on the same system.</li></ul>
</li>
<li>Change to the Magento installation directory.</li>
<li><em>Dedicated Magento server only</em>. Enter the following command to set ownership of the Magento installation directory and all its subdirectories:
<pre>chown -R <em>web-server-user-name</em> .</pre>
例如， on Ubuntu where Apache usually runs as <tt>www-data</tt>, enter
<pre>chown -R www-data .</pre></li>
<li>Enter the following commands to set directory permissions to 700 and file permissions to 600:
<pre>find . -type d -exec chmod 700 {} \;
find . -type f -exec chmod 600 {} \;</pre></li></ol>

<h2 id="more-info">For More Information</h2>
<p>For more information about UNIX permissions, see the following resources:</p>
<li><a href="http://www.statslab.cam.ac.uk/~eva/unixinfo/perms.html" target="_blank">UNIX File Permissions</a></li>
<li><a href="http://permissions-calculator.org/" target="_blank">Unix Permissions Calculator</a></li>
<li><a href="http://unix.stackexchange.com/questions/39710/how-to-get-permission-number-by-string-rw-r-r" target="_blank">Article on unix.stackexchange</a></li></ul>


</body>
</html>
